Re: Asterisk ignoring replayed libpcap sessions

["Aaron Turner" <synfinatic () gmail com>]

On 10/28/06, nnp <version5 () gmail com> wrote:
> Hey,
> I'm currently testing the Asterisk PBX for vulnerabilities but I just
> encountered an interesting problem when trying to recreate a crash.
> Using a fuzzer I can crash it in the exact same place every time. I am
> recording these session using ethereal (wireshark) and then replaying
> them using tcpreplay e.g
>
> sudo tcpreplay -i lo dieAsterisk.eth
>
> Anyways, the problem is Asterisk completely ignores the data sent to
> it via tcpreplay. I'm not sure what the issue could be. The packets
> replayed are identical. Is anyone aware of any checksum that takes
> timing into account or whatnot in Asterisk?

Using tcpreplay to replay traffic to a server is full of potential
problems and generally considered not supported.  If you're using SIP
over UDP you have a chance, but not over TCP.

For more info:
http://tcpreplay.synfin.net/trac/wiki/FAQ#Doestcpreplaysupportsendingtraffictoaserver

Also:
1) Be sure your pcap only contains the client side of the traffic.
2) Sending over loopback isn't really supported... I'm not really sure
what will happen... most likely OS dependant.  Also, be aware that DLT
types are different for loopback depending on your OS.  Make sure
you've got the right L2 header (or none) if applicable.
3) Don't forget to check your firewall settings if enabled.

--
Aaron Turner
http://synfin.net/